Meet 3 PATRIOT Act False Positives Investigated for Buying Beauty Supplies

Both Mike Rogers and Ron Wyden made claims about the efficacy of the surveillance scoops of the last few days, especially the use of Section 215 to collect the phone data — and other tangible stuff, including credit card records — of every American.

The assessment of efficacy ought to consider a number of factors: Whether this surveillance has prevented any attacks (Rogers says it has, but mentions only one in the entire 7 year span of the program). Why it didn’t prevent an attack like the Boston Marathon bombing, which was carried out by two guys whose lives and extremist interests were splashed all over social media, and one of whom was discussed in international texts that would have been fair game for collection under PRISM.

But an efficacy assessment also needs to find a way to quantify the costs such surveillance has on false positives.

So let’s consider what may have happened to three probable false positives who had their lives thoroughly investigated in 2009 after being — wrongly, apparently — tied to Najibullah Zazi’s plot to bomb the NYC subway.

We first learned of these three people when they appeared in the detention motion the FBI used to keep Zazi in custody in Brooklyn. As part of the proof offered that Zazi was a real threat, the FBI described 3 people in Aurora, CO, who bought large amounts of beauty supplies.

Evidence that “individuals associated with Zazi purchased unusual quantities of hydrogen and acetone products in July, August, and September 2009 from three different beauty supply stores in and around Aurora;” these purchases include:

  • Person one: a one-gallon container of a product containing 20% hydrogen peroxide and an 8-oz bottle of acetone
  • Person two: an acetone product
  • Person three: 32-oz bottles of Ion Sensitive Scalp Developer three different times

Unlike just about everything else cited in the detention motion, there was no obvious means by which these individuals were identified.

During the debate on PATRIOT Act reauthorization later that fall, Dianne Feinstein used the Zazi investigation to insist that Section 215 retain its broad “relevant to” standard. Given her insistence Section 215 had been important to the investigation, and given that the identification of these beauty supply buying subjects appeared to work backwards from their purchase of beauty supplies, I guessed at the time that the FBI used Section 215 to cross reference all the people who had bought these beauty supplies in Aurora, CO — which are precursors for the TATP explosive Zazi made — with possible associations with Zazi.

Just days later, as part of the debate, Ben Cardin discussed using National Security Letters to track people who buy “cleaning products that could be used to make explosive device.” And Jon Kyl discussed wanting to “know about Joe Blow buying hydrogen peroxide.” Acetone and hydrogen peroxide, the same precursors used to implicate these three people.

In February 2011, Robert Mueller confirmed explicitly that Section 215 had been used to collect “records relating to the purchase of hydrogen peroxide.”

That seems to suggest that the government used Section 215 or NSLs to search on all the people who bought acetone and hydrogen peroxide in Aurora (by all public reporting, Zazi kept to himself the entire time he lived in CO).

But here’s the thing: these three people never appeared again in the legal case against Zazi and his co-conspirators. The only one from CO ever implicated in the plot was Zazi’s father, who had lied to protect his son.


They were three known associates buying dangerous explosives precursors one day, and apparently became either cleared innocents or recruited confidential informants the next day.

In other words, they appear to be false positives identified by the Section 215 dragnet celebrated by Obama and DiFi and everyone else implicated in it now as a great way to prevent terrorism (Zazi, remember, was discovered through legal FISA intercepts obtained after we got a tip from Pakistan).

Now, no one, as far as I know, has ever found these three probable false positives to ask them what they went through during the period when they were suspected of being co-conspirators in the biggest terrorist attack since 9/11. But given the likelihood that the association with Zazi went through his mosque (the other likely possibility is another driver from the airport), I imagine that their neighbors and employers got awfully suspicious when the FBI showed up and started asking questions. How badly does being actively — and, apparently, falsely — investigated for being a terrorist ruin your life if you’re an American Muslim? Do you lose job security? Do other kids’ parents refuse to let their kids play with yours? Does your homeowners association try to cause you trouble?

That’s what this debate about efficacy needs to quantify. Data mining is never completely accurate, and given the small number of terrorists and therefore the high degree of guesswork that goes into what counts as an association, you’re going to have false positives, as appears to have happened here.

Lots of apologists are saying they never do anything wrong, and therefore they don’t have to worry. But it appears that doing something as innocent as buying hair bleach can get you sucked into this dragnet.

42 replies
  1. peasantparty says:

    Great piece!

    All those products are used in Hair and Nail Salons.

    Someone needs to ask DiFi how many warrants were presented to the FISA courts last month! I bet that would blow her pants off.

  2. newz4all says:

    Glenn and The Guardian UK roll out ANOTHER BOMBSHELL REVELATION !!!!


    Obama orders US to draw up overseas target list for cyber-attacks

    Exclusive: Top-secret directive steps up offensive cyber capabilities to ‘advance US objectives around the world’

    Obama tells intelligence chiefs to draw up cyber target list – full document text

    Eighteen-page presidential memo reveals how Barack Obama has ordered intelligence officials to draw up a list of potential overseas targets for US cyber attacks

  3. newz4all says:

    Glenn had an excellent blog post today about all of the Revelations and Bombshells

    On whistleblowers and government threats of investigation

    No healthy democracy can endure when the most consequential acts of those in power remain secret and unaccountable

    “The way things are supposed to work is that we’re supposed to know virtually everything about what they do: that’s why they’re called public servants. They’re supposed to know virtually nothing about what we do: that’s why we’re called private individuals.”

  4. newz4all says:

    yet another War Crime flying under the radar of the usa media (except Carol Rosenberg @ The Miami Herald)

    The US knows force-feeding hunger strikers at Guantánamo is illegal

    The Obama administration accepts the law of war applies to detainees – and that prohibits force-feeding. This must end now

    to keep up with the latest usa War Crimes

  5. peasantparty says:

    @newz4all: I have no idea who or how many are giving this information to journalists, but all I can say is:

    WHOOP! I’m proud of whomever it is that is busting chops and letting America know.

  6. newz4all says:

    Geebus!! Check out the SMEAR / HIT piece at the usa / usg Water Carrying new york times !!

    Blogger, With Focus on Surveillance, Is at Center of a Debate

    After writing intensely, even obsessively, for years about government surveillance and the prosecution of journalists, Glenn Greenwald has suddenly put himself directly at the intersection of those two issues, and perhaps in the cross hairs of federal prosecutors.

    Late Wednesday, Mr. Greenwald, a lawyer and longtime blogger, published an article in the British newspaper The Guardian about the existence of a top-secret court order allowing the National Security Agency to monitor millions of telephone logs. The article, which included a link to the order, is expected to attract an investigation from the Justice Department, which has aggressively pursued leakers.

    what a bunch of SWINE at the nyt!!!!

    Glenn has absolutely destroyed the nyt in the last 3 days – Three HUGE Revelations in 3 days!!! the nyt cannot even keep up!!! all they can do is print the crap that the usa usg sends them to type up and print!!!


  7. Hmmm says:


    “As for the web companies, their role remains unclear. Initially they insisted that the access-all-areas relationship described in Prism’s PowerPoint presentation is false and there was no such collaboration. Yet one industry insider tells me that “it’s very hard to think the companies did not know” the NSA was collecting their data, since such an intrusion “would show up pretty damn quick”. That leaves a third possibility: that the Prism pitch was exaggerated, in order to make it a more attractive sell to its potential customers among the US – and UK – intelligence fraternity.”

  8. Snoopdido says:

    We know that the US government has at least 2 different types of surveillance processes in place. For simplicity’s sake, let’s call them real-time surveillance and historical surveillance.

    The real-time surveillance process consists of things like the Narus system the US government placed in AT&T’s San Francisco communications hubs (and other locations around the US) to monitor communications traffic. It consists of trigger words that are scanned for in the data streams split off from the surveilled fiber optic lines.

    Additionally, I expect that the US government has similar real-time surveillance systems that again use triggers to monitor credit card usage.

    The historical surveillance systems that the US government uses are like the Wayback Machine, only vastly more all-encompassing. These would be the US government obtaining the entire country’s phone communications records as evidenced in the Section 215 order to Verizon for all US domestic phone calls.

    The US government would use this type of big data database to allow them to forensically identify each and every communication activity that a person or persons of interest had over the last 7 years as well as the secondary and tertiary community of interest contacts and interactions.

    As an example, the US government has likely made use of this historical surveillance system big data database to allow it to walk the dog back on all communication activities of the Brothers Tsarnaev and any of the contacts leading up to the Boston Marathon bombing. With both the Brothers Tsarnaev’s computers in hand as well as likely cellphones, the US government would be able to track back to any and all communications activities such as email, internet access, phone contacts with associates, friends and family etc.

    At some point in 2006 or 2007 (or perhaps even earlier in the Bush/Cheney administration), the US government decided that it was both technically feasible and worthwhile to maintain a record of all US electronic communications.

    At this point in time, I see no likelihood of there being sufficient political leverage being exercised by the American public to overturn the US government’s total surveillance state. I hope I’m wrong.

  9. newz4all says:

    Obama faces hypocrisy charges at China summit after data mining revelations

    Administration must confront discrepancy between its closed-door practices and the position it seeks to hold in the world

    Leaks Overshadow Obama’s Meeting With President of China

    The meeting with President Xi Jinping was expected to be a venue for Mr. Obama to raise concerns about Chinese cyber attacks and spying. Now, it will take place amid striking revelations about the United States’s surveillance of its own citizens.

  10. newz4all says:

    Extremely concerning from the UK perspective is the role of Menwith Hill, the NSA spy base in North Yorkshire that plays a key role for the US as part of a global electronic surveillance network.

    The NSA is now enormously powerful and is operating as a de facto secret state in ways that flout democratic norms and international law, with serious implications for personal and political freedoms.

  11. peasantparty says:

    @Snoopdido: I hope you are wrong about the people as well. Right now, the people that be are at the Bilderberg meeting with Internet issues on their agenda. Not long after this meeting they will join up for their annual Bohemian Grove jaunt to discuss how to put those plans into action.

  12. peasantparty says:

    I keep hearing in my head that argument we had years ago where the statement went: “If you’re not doing anything wrong, then you have nothing to worry about.”

    So, if we aren’t doing anything wrong why is our Government snooping on all of us?

    I tried to find the original and this is what I came up with:

  13. P J Evans says:

    At this point in time, I see no likelihood of there being sufficient political leverage being exercised by the American public to overturn the US government’s total surveillance state. I hope I’m wrong.

    Considering how many people are reacting to these stories with ‘if you haven’t done anything wrong’ or ‘if it prevents a terrorist attack’ or some similar excuse for not stopping the surveillance, I suspect you’re right.

  14. CTuttle says:

    From Gizmodo…Anonymous Just Leaked a Trove of NSA Documents…

    …The documents seem to mostly relate to PRISM and supporting operations, and mostly date from around 2008, supposedly not long after PRISM first reared its ugly head. One of the key things Anonymous has highlighted from the documents is the existence of an “intelligence-sharing network” that shares data gleaned from PRISM with “intelligence partners” around the world. Although we’re still in the process of combing through the documents, you can bet your last Bitcoin that ‘intelligence’ has been shared with British security services…

  15. tryggth says:

    Zuckerberg and Larry Page have released their PRISM statements. Remarkably similar in construction and content. Remarkably.

  16. peasantparty says:

    @Hmmm: You probably don’t know this, but I help The Dissenter at Firedoglake with minute by minute updates on the Manning hearings and trial.

    Just this week, one of the witnesses on the stand who is an Army Spec Intell Analyst and superior to Bradley Manning stated that they are instructed…

    INSTRUCTED to comb through Facebook and Google.

  17. P J Evans says:

    I figure it’s possible for FB and Google to be making honest statements, given that everything is done at some location that isn’t in one of their facilities or under their control. That they really really didn’t know that it was going on – yeah, that’s stretching it a bit, since it involves locations in the Bay Area.

  18. phred says:

    Thanks for this post EW, I think you bring up a very important point about the resources devoted to red herrings, not to mention the pointlessness of the effort overall.

    Just imagine if DOJ had used a fraction of what taxpayers have pissed away on PRISM to… I don’t know, prosecute banksters or torturers maybe. Or how ’bout the DOT getting a little of that NSA-level love to upgrade our infrastructure with safe bridges and high speed trains. Or, the DOE investing in poorer school districts to boost the educational prospects of those who need it most. Or, expanding Medicare to cover, oh gee, how ’bout everyone?

    The staggering WASTE being perpetrated by the feds is quite literally ruinous.

    Thanks for that reminder EW.

  19. jawbone says:

    Whole lotta writing going on at The Guardian about these leaks. Wow.

    And here in the USA MCM (Mainstream Corporate Media)???

  20. Snoopdido says:

    @Snoopdido: From the Wall Street Journal – Credibility Crunch for Tech Companies Over Prism

    “With Silicon Valley’s credibility in protecting consumer privacy on the line, many of the largest Web companies on Friday emphasized they aren’t giving the U.S. government a direct pipe into their networks as part of a secret program to monitor foreign nationals.

    But the denials of involvement by Google Inc., Microsoft Corp. and others, which come at the same time the Obama administration confirmed the existence of such a program, raised questions about how data is ending up in the hands of the government.

    The issues are especially acute for companies who make their business by collecting and processing customers’ most personal data and secrets.

    Google CEO Larry Page and Chief Legal Officer David Drummond said in a blog post that the company doesn’t give U.S. government investigators “open-ended access” to its network and hadn’t “joined” a program known as Prism and run by the National Security Agency.

    The executives said Google only hands over data based on legally-authorized requests that it reviews individually.

    U.S. officials briefed on the matter said Friday that the NSA receives copies of data through a system they set up with a court order. They don’t have direct access to the company computers, those people said.”

    This sounds again like a splitter-based capture system on the fiber optic lines at the access point to these Internet businesses like Google, Apple, etc. Since the fiber optic line providers are companies like Verizon, AT&T, Comcast, etc., I’m guessing that the US government’s Prism operation is being conducted with the assistance of these fiber optic line providers and perhaps without the knowledge or permission of some of these Internet businesses.

    Some others like Microsoft may be active and willing participants.

  21. Snoopdido says:

    @Snoopdido: Matt Apuzzo of the AP has some details – But Wait, There’s More: A Domestic Spying Q&A. From page 3 of the article, there is this:

    “It’s not clear whether the companies agreed to be part of PRISM voluntarily or were under court order but, either way, the companies almost certainly signed agreements with the government spelling out their cooperation. The Post reported that the government has the authority to force companies to participate.


    Q: But the companies are denying all this, right?

    A: Sort of.

    Apple, for instance, issued a statement saying it had “never heard of PRISM.”

    That’s not surprising. PRISM is a government codename for a collection effort known officially as US-984XN. There would be no reason for the NSA to share the code name with the companies.

    Apple’s statement continued, “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

    From what we know about PRISM, there apparently was a FISA court order authorizing this effort. And PRISM does not require direct access to company servers. More likely, in fact, the NSA or the companies would set up a designated route to transfer data to the government. That’s easier for the company and less legally problematic for the NSA.”

  22. jawbone says:

    Phred @ 32 —

    Ah, you mention banksters! I keep wondering if there might have been some information available to the US government, like, say, the DOJ, in all the massive call logs which would provide some, like, EVIDENCE to cook the banksters’ keesters on what they did to bring down the economy.

    But, for some reason, I doubt this administration would even look for that against such “savvy businessmen.”

    Indeed, this administration would probably have such call references destroyed.

    After all, why would Obama turn on the ones what brung him to the Big Dance? Taught him how to wield power the right ways (as in right of center, and especially The Corporate Way)? Even helped dress him up in the best words available to make him look like the prom king to Dem voters?

    Oh, no. They’re his mentors, donors, masters. The Untouchables.

    (Hi, there, NSA! Hey, whassup?)

  23. Bill Wolfe says:

    I’ve been a victim of false positive techniques:

    here’s an episode for you (my story with Homeland Security):

    A few years back (December 2008) I was taking photographs of refineries and chemical plants on the Delaware River in South Jersey. Made sure I got shots of the schools, daycare centers, and houses surrounding them.

    At the time, I had a column in NJ’s largest newspaper, the Star Ledger (NJ Voices) and was writing about a pending bill that would provide loopholes and subsidies to those plants worth millions of dollars.

    Cops converged – I told them all this.

    Long story short:

    1) I was detained, photographed, and interrogated for 2 hours. My car was illegally searched. When the cops finally Googled my name (like I told them at the outset to confirm my story) they apologized profusely and let me go.

    I thought it was over. I was wrong.

    2) A few days later, 3 suits knock on my door at dinnertime. Homeland Security, FBI and county prosecutor’s office, to conduct investigation. Claimed my story was false, because I also was photographed at a chemical plant near a school, with a backpack on. Claimed I failed to disclose that when I told them what I was doing (I only mentioned the refineries). Claimed I could be a Chechen rebel with a bomb in the backpack (seriously).

    I explained, and thought it was over. I was wrong.

    3) About 2 weeks later, my local cop rolls up. Said he got a call that I was observed taking unauthorized photographs of young children!

    Holy shit – earlier that day I was photographing schools and day care centers adjacent to toxic sites in poor Hispanic/Portuguese sections of Passaic City.

    I explained and thought it was over. I was wrong.

    4) A few weeks after that, I was photographing a BASF chemicals plant in Belvidere NJ and local cop stops me.

    I explain, but he runs a computer check. Comes back after 15 minutes and warns me that it’s a crime to lie to a police officer conducting an investigation and do I want to change my story?

    I tell him no – he asks if there are warrants or judgments on me that would explain the “hit” he got in his computer search. I say no, not even a parking ticket. He continues questioning me and reluctantly lets me go 30 minutes later.

    Thought it was over, but I was wrong again – and here’s where the NSA spook stuff comes in.

    5) A few years later, (Sept 11), I was traveling down I-81 on a trip through the south to see the civil rights movement places. I wrote about it here:

    On I-81 in Tennessee, at 8 am, in dense fog with commuter traffic going 40 mph, I get pulled over by a homeland security SUV.

    The officer (looked like military, black jumpsuit) proceeds to ask me a bunch of weird question about where I’m going, who I’m staying with, how long I’m staying etc.

    Turns out, he’s using license plate scan technology and I’m on some kind of watch list.

    This was during a period when Occupy Wall Street was organizing – I had written about and attended several Occupy actions in NY (and a G20 lockdown in Pittsburgh)

    I spoke with Chris Hedges about all this – and Hedges wrote a column about an Occupy woman from Florida who was similarly monitored.

    Obviously, the Occupy blogging and event participation, plus the prior Homeland Security thing trigger a “dragnet” hit for me.

    Total BS.

  24. phred says:

    @Bill Wolfe: And this is why all those folks saying, “I’ve got nothing to hide” have not the first clue about what they are talking about.

    I am so sorry to hear about your harassment Bill, but I thank you for telling us about it. It’s important to be able to explain to people why the police state is so dangerous.
